CN111460530B - SATA encryption card with M.2 interface - Google Patents

Info

Publication number
CN111460530B
Authority
CN
China
Prior art keywords
sata
data
encryption
encryption card
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010248072.3A
Other languages
Chinese (zh)
Other versions
CN111460530A (en)
Inventor
孙玉玺
姜向阳
秦法林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Sinochip Semiconductors Co Ltd
Original Assignee
Shandong Sinochip Semiconductors Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a SATA encryption card with an M.2 interface, comprising a SATA PHY, a CPU, RAM, NorFlash, DMA and an encryption module. The card communicates with the outside through the M.2 interface on the SATA PHY, and the SATA PHY is provided with a SATA IN FIFO and a SATA OUT FIFO. The encryption module is connected to the SATA IN FIFO through one DMA, and the SATA OUT FIFO is connected to the encryption module through another DMA. The encryption module is connected to the CPU, the CPU is connected to the RAM and to the NorFlash, and the CPU controls the DMAs attached to the SATA IN FIFO and SATA OUT FIFO, the encryption module and the SATA PHY. In use, the SATA encryption card is emulated as an M.2 interface SATA hard disk, and a data bypass mode is used to execute the system's read and write operations on the emulated SATA hard disk. The invention can be plugged into equipment that supports the M.2 interface or the SATA interface and provides the functions of a traditional PCIE encryption card.

Description

SATA encryption card with M.2 interface
Technical Field
The invention relates to an encryption card, in particular to a SATA encryption card with an M.2 interface, and belongs to the technical field of secure storage.
Background
With the deepening and popularization of the national classified protection 2.0 mechanism and cloud security standards, the requirements on the performance, cost and reliability of basic encryption equipment keep rising. Conventional encryption cards generally use a PCIE interface. The PCIE interface occupies a large area on the IC hardware, so cost and power consumption are high, and the host device must support PCIE; such cards are therefore unsuitable for occasions with low performance requirements, small volumes of encrypted data and sensitivity to power consumption.
Disclosure of Invention
The invention aims to provide an M.2 interface SATA encryption card that can be plugged into equipment supporting an M.2 interface or a SATA interface and provides the functions of a traditional PCIE encryption card.
To solve the above technical problem, the invention adopts the following technical scheme: a SATA encryption card with an M.2 interface, comprising a SATA PHY, a CPU, RAM, NorFlash, DMA and an encryption module. The card communicates with the outside through the M.2 interface on the SATA PHY, and the SATA PHY is provided with a SATA IN FIFO and a SATA OUT FIFO. The encryption module is connected to the SATA IN FIFO through one DMA, and the SATA OUT FIFO is connected to the encryption module through another DMA. The encryption module is connected to the CPU, the CPU is connected to the RAM and to the NorFlash, and the CPU controls the DMAs attached to the SATA IN FIFO and SATA OUT FIFO, the encryption module and the SATA PHY. In use, the SATA encryption card is emulated as an M.2 interface SATA hard disk, and a data bypass mode is used to execute the system's read and write operations on the emulated SATA hard disk.
Further, by modifying the content of words 54 to 58 of the response to the SATA identify instruction in the SATA encryption card, the system is told that the capacity of the SATA encryption card is T, and the system automatically recognizes the SATA encryption card as a SATA hard disk of capacity T.
Further, when the system's write operation on the emulated SATA hard disk is executed in data bypass mode, the emulated SATA hard disk caches and then discards all written data and returns success for the SATA instruction; when a read operation is executed in data bypass mode, the emulated SATA hard disk fills in 0xff data of the specified length, returns it to the host computer, and returns success for the SATA instruction.
Further, the SATA IN FIFO, the SATA OUT FIFO and the encryption module are packaged in one die, and during DMA transfers the CPU automatically configures a random mask seed for the transmitted data, thereby disturbing the power consumption variation during transmission.
Further, the SATA encryption card uses two instruction modes, a structure data mode and a stream data mode. Each encryption/decryption operation is completed by a write operation and/or a read operation, instructions are defined through out-of-range LBAs, and the minimum length of each standard read or write is 1 LBA.
Furthermore, the NorFlash is located inside the SATA encryption card, and the client can store information in it under security authorization; the stored information includes data, keys and logs. An EMC module that scrambles the storage space is arranged between the NorFlash and the CPU. The register configuration of the EMC is retained across power-down, register control of the EMC is not opened to the client, and the SATA encryption card layer provides a custom interface through which each manufacturer controls authority.
Further, the SATA encryption card has a secure mass production mechanism. After the SATA encryption card leaves the factory, a set of authorization data is written by the mass production tool; the authorization data is bound to the encryption chip ID of the encryption module and stored as a file in the mass production tool directory. When mass production has to be performed again, the authority data for the encryption chip ID is automatically looked up in the mass production tool directory and verified; mass production can be repeated only with the correct authority data, and multiple incorrect mass production attempts cause the SATA encryption card to enter a data and key destruction state.
Furthermore, the stream data mode is suitable for the encryption algorithms SM1, SM3, SM4, AES and SHA256. In stream data mode, data is transmitted continuously, the data length is set through the LBA of the SATA standard read/write instruction, and redundant data is discarded by the host computer itself.
The structure data mode is suitable for the encryption algorithms SM2 and RSA. A specific command LBA is read and written through SATA standard commands, and for that command LBA only the first data packet has special meaning. After receiving the data, the SATA encryption card performs command processing, parses the legal data length, splits out the meaningful data and sends it to the hardware encryption module; the host computer then reads the calculation result and discards redundant data itself.
Furthermore, an encryption operation in which the host computer obtains data from the SATA encryption card without supplying input data for calculation can be completed with only 1 read operation.
The invention has the following beneficial effects: the M.2 interface SATA protocol encryption card fully implements the functions of a traditional PCIE encryption card, and its steady-state performance with 128KB/64KB data packets is 880 bps+/-5%. The product is inexpensive, its power consumption is far lower than that of a PCIE interface encryption card, it supports the OpenSSL, SKF and SDF interface standards, and it can be further developed and customized for customers. The multiple protection mechanisms for customer data and the chip, at the SATA encryption card layer and at the chip layer, strengthen data security, so the card is suitable for equipment such as encryption terminals, encrypted cameras and small hundred-megabit encryption servers. It has broad application prospects in classified protection 2.0, the Internet of Things and cloud security.
Drawings
FIG. 1 is a schematic block diagram of the present invention;
FIG. 2 is a schematic diagram of read/write control when the SATA encryption card of the present invention acts as an emulated SATA hard disk;
FIG. 3 is a flow chart of the encryption command communication of the SATA encryption card of the present invention;
FIG. 4 is a diagram illustrating encryption and decryption instruction definition and calculation;
FIG. 5 is a flow chart of a storage management mechanism of the SATA encryption card of the present invention;
FIG. 6 is a flow chart of a security mass production mechanism of the SATA encryption card of the present invention.
Detailed Description
The invention is further described with reference to the accompanying drawings and the specific embodiments, wherein the firmware in the drawings is the SATA encryption card.
This embodiment discloses a SATA encryption card with an M.2 interface. As shown in FIG. 1, the SATA encryption card comprises a SATA PHY, a CPU, RAM, NorFlash, an EMC module, DMA and an encryption module. The card communicates with the outside through the M.2 interface on the SATA PHY, and the SATA PHY is provided with a SATA IN FIFO and a SATA OUT FIFO. The encryption module is connected to the SATA IN FIFO through one DMA, and the SATA OUT FIFO is connected to the encryption module through another DMA. The encryption module is connected to the CPU, the CPU is connected to the RAM and to the NorFlash, the EMC module sits between the NorFlash and the CPU, and the CPU controls the DMAs attached to the SATA IN FIFO and SATA OUT FIFO, the encryption module and the SATA PHY.
In fig. 1, solid lines represent SATA encryption card internal data lines, and broken lines represent SATA encryption card internal control lines.
In this embodiment, the encryption module is based on the HX8800 national cryptography security chip. The chip supports the SATA III standard, uses an M.2 interface, implements algorithms such as SM1, SM2, SM3 and SM4 in hardware, and also supports internationally used algorithms such as AES, SHA1 and RSA. The SATA encryption card layer is delivered in Lib mode, which conceals key register control and encapsulates the SATA encryption card interface. The host development package supports the OpenSSL, SKF and SDF interface standards, can be custom developed according to client requirements, and supports X86 or ARM architecture systems such as Windows, zhongzhuyu, Ubuntu and the like.
Since some system versions prohibit reading and writing the LBAs (logical block addresses) of M.2 interface SATA non-storage devices, this embodiment uses a virtual storage approach and emulates the M.2 interface encryption card as an M.2 interface SATA hard disk. Specifically, by modifying the content of words 54 to 58 of the response to the SATA identify instruction in the emulated SATA hard disk, the system is told that the capacity of the device is T, and the system automatically identifies the encryption card as a SATA storage hard disk of capacity T, although the actual SATA encryption card has no storage function. In this embodiment, T is 100GB.
Because the system has an error retransmission mechanism for SATA devices, forbidding reads and writes to the virtual storage area would trigger 7 to 10 automatic retries in the driver layer and cause long blocking. This embodiment therefore executes the system's read and write operations on the emulated SATA hard disk in data bypass mode. As shown in FIG. 2, during a write operation the emulated SATA hard disk caches and then discards all written data and returns success for the SATA instruction; in FIG. 2, the written data is cached in RAM and then discarded.
During a read operation, the SATA encryption card fills the SATA IN FIFO with 0xff data of the specified length, returns it to the host computer and returns success for the SATA instruction. The retransmission mechanism is therefore not triggered, and no storage chips, which would increase cost, need to be added; compatibility is ensured and cost is reduced.
In this embodiment, the encryption module is based on the national cryptography security chip HX8800, and the encryption algorithms are implemented in hardware, giving high performance and good security. In the hardware design, the intermediate values and results of hardware encryption operations never enter the RAM: the operation result is placed directly into the SATA IN FIFO through DMA, the FIFO can only be sent to the host computer by the SATA hardware, and intermediate results cannot be obtained through the SATA encryption card. The whole SATA IN/OUT FIFO and the encryption module are packaged in one die (a small square cut from a silicon wafer), and during DMA transfers the CPU automatically configures a random mask seed for the transmitted data to disturb the power consumption variation during transmission, which to a certain extent prevents DPA (differential power analysis) attacks and monitoring attacks on the RAM. High-security hardware encryption is thereby achieved.
In this embodiment, the SATA encryption card uses two instruction modes, a structure data mode and a stream data mode, and each encryption/decryption operation is completed by a write operation and/or a read operation. FIG. 3 is the flowchart of an encryption/decryption performed by a read operation and a write operation; it comprises the following steps:
S31) the operating system generates an encryption/decryption instruction and at the same time sends a write operation instruction (SATA OUT) to the SATA encryption card;
S32) after receiving the SATA OUT FIFO data, the CPU starts the DMA and the encryption module and returns a send-success instruction to the operating system;
S33) the SATA OUT FIFO transmits the data to the encryption module through DMA; the encryption module takes the data, performs the encryption/decryption calculation and reports completion of the calculation to the CPU;
S34) the operating system sends a read operation instruction (SATA IN) to the CPU of the SATA encryption card; the CPU starts the DMA and the encryption module again, and the encryption module sends the calculation result as requested by the host computer;
S35) the encryption module transmits the calculation result through DMA to the SATA IN FIFO, which transmits it to the operating system, and success is returned for the instruction.
In some cases, such as obtaining a random number, no input data is needed for the calculation, and only 1 read operation is required to obtain the data from the SATA encryption card.
As shown in fig. 4, an instruction is defined by an out-of-range LBA, which consists of a base address (base_addr) and an offset. The offset is a defined private instruction, of which there are three types: data encryption, key configuration and calculation result acquisition. According to the SATA III interface standard, the minimum length of data read or written at a time is 1 LBA (512 bytes).
For stream-mode encryption such as SM1, SM3, SM4, AES and the like, or the hash algorithms SM3 and SHA256, applications generally transmit large amounts of data continuously. The data length is set through the LBA of the SATA standard read/write instruction, data is transmitted continuously, and redundant data is discarded by the host computer itself, which is efficient for bulk data transfer. For the structure data mode, typically asymmetric encryption such as SM2 and RSA, a specific command LBA is read and written through SATA standard commands, and for that command LBA only the first data packet has special meaning. After receiving the data, the firmware first performs command processing, parses the legal data length, splits out the meaningful data and sends it to the hardware encryption module; the host computer then reads the calculation result and discards redundant data itself.
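The routing described above (data bypass inside the reported capacity, private instructions at out-of-range LBAs, and length parsing of the first packet in structure data mode) can be modelled as follows. This is an added example, not code from the patent: the position of base_addr, the three offset values and the 4-byte little-endian length header are assumptions, and 100GB is taken as decimal.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LBA_SIZE   512u   /* page: minimum transfer is 1 LBA (512 bytes) */
#define VIRT_LBAS  (100ull * 1000 * 1000 * 1000 / LBA_SIZE) /* page: T = 100GB */
#define BASE_ADDR  VIRT_LBAS /* assumed: first LBA past the reported capacity */
#define HDR_LEN    4u        /* assumed: 32-bit little-endian length field */

/* The three private instruction types the page names; offsets are assumed. */
enum { OFF_DATA = 0, OFF_KEYCFG = 1, OFF_RESULT = 2 };

typedef enum { ACT_BYPASS, ACT_DATA, ACT_KEYCFG, ACT_RESULT, ACT_REJECT } action_t;

/* Route a transfer by its starting LBA. */
action_t classify_lba(uint64_t lba)
{
    if (lba < VIRT_LBAS)
        return ACT_BYPASS;              /* virtual disk area: never fails */
    switch (lba - BASE_ADDR) {          /* out-of-range LBA = base + offset */
    case OFF_DATA:   return ACT_DATA;
    case OFF_KEYCFG: return ACT_KEYCFG;
    case OFF_RESULT: return ACT_RESULT;
    default:         return ACT_REJECT; /* undefined private offset */
    }
}

/* Bypass read: fill the requested length with 0xff and report success. */
int bypass_read(uint8_t *out, size_t len)
{
    memset(out, 0xff, len);
    return 0;
}

/*
 * Structure data mode: only the first packet carries the header. Returns the
 * number of meaningful bytes and points *payload at them, or -1 when the
 * declared length is not legal for this transfer.
 */
int64_t split_meaningful(const uint8_t *xfer, size_t xfer_len,
                         const uint8_t **payload)
{
    uint32_t declared;

    if (xfer == NULL || xfer_len < LBA_SIZE || xfer_len % LBA_SIZE != 0)
        return -1;
    declared = (uint32_t)xfer[0] | (uint32_t)xfer[1] << 8 |
               (uint32_t)xfer[2] << 16 | (uint32_t)xfer[3] << 24;
    /* Compare against the space left, so declared + HDR_LEN cannot wrap. */
    if (declared == 0 || declared > xfer_len - HDR_LEN)
        return -1;
    *payload = xfer + HDR_LEN;
    return (int64_t)declared;
}

/*
 * Write path. Returns 0 for success, -1 for an aborted command. *to_engine is
 * the byte count that would be handed to the encryption module (0 in bypass).
 */
int handle_write(uint64_t lba, const uint8_t *buf, size_t len, size_t *to_engine)
{
    const uint8_t *payload;
    int64_t n;

    *to_engine = 0;
    switch (classify_lba(lba)) {
    case ACT_BYPASS:
        return 0;                 /* cached, discarded, reported as success */
    case ACT_DATA:
    case ACT_KEYCFG:
        n = split_meaningful(buf, len, &payload);
        if (n < 0)
            return -1;            /* padding never reaches the engine */
        *to_engine = (size_t)n;   /* a real card would start the DMA here */
        return 0;
    default:
        return -1;                /* result LBA is read-only; others undefined */
    }
}

int main(void)
{
    uint8_t sector[LBA_SIZE];

    bypass_read(sector, sizeof sector);
    printf("in-range read byte: 0x%02x, result LBA action: %d\n",
           sector[0], (int)classify_lba(BASE_ADDR + OFF_RESULT));
    return 0;
}
```

The length check is the part that matters for the card's attack surface: a header that declares more bytes than the transfer carries is rejected before anything is split out for the encryption module.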
As shown in FIG. 1, the NorFlash is located inside the SATA encryption card; that is, this embodiment provides an on-chip flash management mechanism. The storage space of the NorFlash is 128KB, and the user can store data, keys, logs and other information in it under security authorization.
The hardware provides an EMC hardware module that can scramble the storage space, and its register configuration is retained across power-down. The main function of the module is to mix the data in flash with address-dependent scrambling data according to a certain rule and to recompute the original data; the calculation flow is shown in figure 5. After the data in a given area has been written, the area can be set to EMC scrambling mode. With EMC enabled, the data cannot be erased, and data read out is scrambled by the EMC module, so the real data cannot be obtained. Register control of the EMC is not opened to clients; the firmware layer provides customized interfaces through which each manufacturer controls authority, which ensures that the data of different integrators cannot be cracked by one another.
In this embodiment, the SATA encryption card has a secure mass production mechanism. After the SATA encryption card leaves the factory, a set of authorization data is written by the mass production tool; the authorization data is bound to the encryption chip ID of the encryption module and stored as a file in the mass production tool directory. As shown in fig. 6, when mass production has to be performed again, the authority data for the encryption chip ID is automatically looked up in the mass production tool directory and verified; mass production can be repeated only with the correct authority data, and multiple incorrect mass production attempts cause the SATA encryption card to enter a data and key destruction state, thereby ensuring the security of the data.
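A model of the authorization check and destruction state just described, given as an added example that is not code from the patent. The field sizes, the reset of the counter after a successful check, and counting an attempt before the comparison are assumptions; the limit of 10 is the figure reported in the test section of this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHIP_ID_LEN 8    /* assumed size of the encryption chip ID */
#define AUTH_LEN    16   /* assumed size of the authorization data */
#define MAX_FAILS   10   /* page: card destroyed after 10 failed retries */

typedef struct {
    uint8_t  chip_id[CHIP_ID_LEN];
    uint8_t  auth[AUTH_LEN];   /* written by the mass production tool */
    uint8_t  key_store[32];    /* stands in for customer keys and data */
    unsigned fails;            /* would live in non-volatile storage */
    bool     destroyed;
} card_t;

/* One file in the tool directory: authorization data filed under a chip ID. */
typedef struct {
    uint8_t chip_id[CHIP_ID_LEN];
    uint8_t auth[AUTH_LEN];
} auth_file_t;

typedef enum { REMP_OK, REMP_DENIED, REMP_DESTROYED, REMP_NO_FILE } remp_t;

/* Constant-time compare: run time does not reveal the first differing byte. */
static int ct_differs(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    return acc != 0;
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

/* Card side: verify presented authorization data before re-mass-production. */
remp_t card_authorize(card_t *c, const uint8_t auth[AUTH_LEN])
{
    if (c->destroyed)
        return REMP_DESTROYED;
    c->fails++;   /* counted first: cutting power mid-check gains no free guess */
    if (!ct_differs(c->auth, auth, AUTH_LEN)) {
        c->fails = 0;
        return REMP_OK;
    }
    if (c->fails >= MAX_FAILS) {
        wipe(c->key_store, sizeof c->key_store);
        wipe(c->auth, sizeof c->auth);
        c->destroyed = true;
        return REMP_DESTROYED;
    }
    return REMP_DENIED;
}

/* Tool side: find the file for this chip ID and present its data. */
remp_t tool_remass_produce(card_t *c, const auth_file_t *dir, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(dir[i].chip_id, c->chip_id, CHIP_ID_LEN) == 0)
            return card_authorize(c, dir[i].auth);
    return REMP_NO_FILE;   /* nothing is sent to the card, nothing is counted */
}

int main(void)
{
    card_t card = { .chip_id = {1}, .auth = {0xA5}, .key_store = {0x11} };
    uint8_t wrong[AUTH_LEN] = {0};
    remp_t r = REMP_DENIED;

    for (int i = 0; i < MAX_FAILS; i++)
        r = card_authorize(&card, wrong);
    printf("after %d wrong attempts: state %d, key byte 0x%02x\n",
           MAX_FAILS, (int)r, card.key_store[0]);
    return 0;
}
```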
To verify the performance of the M.2 encryption card of this embodiment, the following tests were performed:
1. The M.2 interface SATA encryption card is inserted manually. The system identifies a 100GB unformatted storage device, initializing the device succeeds, and formatting the device reports failure (normal behaviour, since there is no storage medium). Third-party reads and writes to the 100GB unformatted virtual storage device do not block for a long time.
2. The performance of the encryption algorithms was tested by script at SATA III interface speed; the results are shown in table 1.
[Table 1: encryption algorithm performance (image in the original, not reproduced)]
3. With the EMC scrambling module enabled, writing data and erasing data report failure, and the data read back is erroneous; with the lock disabled, reading and erasing data work normally.
4. Re-mass-production is attempted without the rights having been acquired; mass production fails, and after 10 retries the original firmware and data of the M.2 interface SATA encryption card are destroyed automatically.
The SATA encryption card can be plugged into equipment supporting M.2 or SATA interfaces, such as mobile notebooks, servers and PCs. A hardware encryption module is built in, and encrypted and decrypted data is not cached along the way. The SATA encryption card and the host computer support the OpenSSL specification and the SDF and SKF interfaces, and the interfaces can be customized to meet non-standard requirements. The card is low in cost, relatively high in performance, stable and flexible, has great advantages for local encryption and decryption on remote equipment, and can be widely used as basic hardware in fields such as security, video monitoring, data terminals and encryption servers.
The foregoing description is only of the basic principles and preferred embodiments of the present invention, and modifications and alternatives thereto will occur to those skilled in the art to which the present invention pertains, as defined by the appended claims.

Claims (7)

1. An M.2 interface SATA encryption card, characterized in that: the SATA encryption card communicates with the outside through an M.2 interface on the SATA PHY; a SATA IN FIFO and a SATA OUT FIFO are arranged on the SATA PHY; the encryption module is connected to the SATA IN FIFO through one DMA, and the SATA OUT FIFO is connected to the encryption module through another DMA; the encryption module is connected to a CPU, the CPU is connected to a RAM and to a NorFlash, and the CPU controls the DMAs attached to the SATA IN FIFO and SATA OUT FIFO, the encryption module and the SATA PHY; in use, the SATA encryption card is emulated as an M.2 interface SATA hard disk, and a data bypass mode is used to execute the system's read and write operations on the emulated SATA hard disk; when the system's write operation on the emulated SATA hard disk is executed in data bypass mode, the emulated SATA hard disk caches and then discards all written data and returns success for the SATA instruction; when the system's read operation on the emulated SATA hard disk is executed in data bypass mode, the emulated SATA hard disk fills in 0xff data of the specified length, returns it to the host computer, and returns success for the SATA instruction; the SATA IN FIFO, the SATA OUT FIFO and the encryption module are packaged in one die, and during DMA transfers the CPU automatically configures a random mask seed for the transmitted data to disturb the power consumption variation during transmission; the SATA encryption card uses two instruction modes, a structure data mode and a stream data mode, wherein each encryption/decryption operation is completed by a write operation and/or a read operation, instructions are defined through out-of-range LBAs, and the minimum length of each standard read or write is 1 LBA.
2. The SATA encryption card of claim 1, wherein: by modifying the content of words 54 to 58 of the response to the SATA identify instruction in the SATA encryption card, the system is told that the capacity of the SATA encryption card is T, and the system automatically recognizes the SATA encryption card as a SATA hard disk of capacity T.
3. The SATA encryption card of claim 1, wherein: the NorFlash is located inside the SATA encryption card, and the client stores information in it under security authorization, the stored information including data, keys and logs; an EMC module that scrambles the storage space is arranged between the NorFlash and the CPU, the register configuration of the EMC is retained across power-down, register control of the EMC is not opened to the client, and the SATA encryption card layer provides a custom interface through which each manufacturer controls authority.
4. The SATA encryption card of claim 1, wherein: the SATA encryption card has a secure mass production mechanism; after the SATA encryption card leaves the factory, a set of authorization data is written by a mass production tool, and the authorization data is bound to the encryption chip ID of the encryption module and stored as a file in the mass production tool directory; when mass production has to be performed again, the authority data for the encryption chip ID is automatically looked up in the mass production tool directory and verified; mass production can be repeated only with the correct authority data, and multiple incorrect mass production attempts cause the SATA encryption card to enter a data and key destruction state.
5. The SATA encryption card of claim 1, wherein: the stream data mode is suitable for the encryption algorithms SM1, SM3, SM4, AES and SHA256; in stream data mode, data is transmitted continuously, the data length is set through the LBA of the SATA standard read/write instruction, and redundant data is discarded by the host computer itself.
6. The SATA encryption card of claim 1, wherein: the structure data mode is suitable for the encryption algorithms SM2 and RSA; a specific command LBA is read and written through SATA standard commands, and for that command LBA only the first data packet has special meaning; after receiving the data, the SATA encryption card performs command processing, parses the legal data length, splits out the meaningful data and sends it to the hardware encryption module; the host computer then reads the calculation result and discards redundant data itself.
7. The SATA encryption card of claim 1, wherein: an encryption operation in which the host computer obtains data from the SATA encryption card without supplying input data for calculation can be completed with only 1 operation.
CN202010248072.3A 2020-04-01 2020-04-01 SATA encryption card with M.2 interface Active CN111460530B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010248072.3A CN111460530B (en) 2020-04-01 2020-04-01 SATA encryption card with M.2 interface

Publications (2)

Publication Number Publication Date
CN111460530A CN111460530A (en) 2020-07-28
CN111460530B true CN111460530B (en) 2023-05-05

Family

ID=71679494

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010248072.3A Active CN111460530B (en) 2020-04-01 2020-04-01 SATA encryption card with M.2 interface

Country Status (1)

Country Link
CN (1) CN111460530B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102073808B (en) * 2010-11-17 2014-05-21 曙光云计算技术有限公司 Method for encrypting and storing information through SATA interface and encryption card
CN103345453B (en) * 2013-06-27 2016-02-24 清华大学 Based on supporting the method that the fixed disk data enciphering card of SATA interface is encrypted
CN105243344B (en) * 2015-11-02 2020-09-01 上海兆芯集成电路有限公司 Chip set with hard disk encryption function and host controller
WO2017101122A1 (en) * 2015-12-18 2017-06-22 深圳市振华微电子有限公司 Computer encryption lock having separating management and use

Also Published As

Publication number Publication date
CN111460530A (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant